nvoi 0.1.5

data/lib/nvoi/steps/volume_provisioner.rb

@@ -0,0 +1,154 @@
+# frozen_string_literal: true
+
+module Nvoi
+  module Steps
+    # VolumeProvisioner handles provisioning of block storage volumes
+    class VolumeProvisioner
+      def initialize(config, provider, log)
+        @config = config
+        @provider = provider
+        @log = log
+        @namer = config.namer
+      end
+
+      def run
+        volumes_to_provision = collect_volumes
+        return if volumes_to_provision.empty?
+
+        @log.info "Provisioning %d volume(s)", volumes_to_provision.size
+
+        volumes_to_provision.each do |vol_config|
+          provision_volume(vol_config)
+        end
+
+        @log.success "All volumes provisioned"
+      end
+
+      private
+
+        def collect_volumes
+          volumes = []
+
+          # Database volume
+          db = @config.deploy.application.database
+          if db&.volume && !db.volume.empty?
+            server_name = resolve_server_name(db.servers)
+            volumes << {
+              name: @namer.database_volume_name,
+              server_name:,
+              mount_path: "/opt/nvoi/volumes/#{@namer.database_volume_name}",
+              size: 10
+            }
+          end
+
+          # Service volumes
+          @config.deploy.application.services.each do |svc_name, svc|
+            next unless svc&.volume && !svc.volume.empty?
+
+            server_name = resolve_server_name(svc.servers)
+            vol_name = @namer.service_volume_name(svc_name, "data")
+            volumes << {
+              name: vol_name,
+              server_name:,
+              mount_path: "/opt/nvoi/volumes/#{vol_name}",
+              size: 10
+            }
+          end
+
+          # App volumes
+          @config.deploy.application.app.each do |app_name, app|
+            next unless app&.volumes && !app.volumes.empty?
+
+            server_name = resolve_server_name(app.servers)
+            app.volumes.each_key do |vol_key|
+              vol_name = @namer.app_volume_name(app_name, vol_key)
+              volumes << {
+                name: vol_name,
+                server_name:,
+                mount_path: "/opt/nvoi/volumes/#{vol_name}",
+                size: 10
+              }
+            end
+          end
+
+          volumes
+        end
+
+        def resolve_server_name(servers)
+          return @config.server_name if servers.nil? || servers.empty?
+
+          # Use first server in the list
+          group_name = servers.first
+          @namer.server_name(group_name, 1)
+        end
+
+        def provision_volume(vol_config)
+          @log.info "Provisioning volume: %s", vol_config[:name]
+
+          # Check if volume already exists
+          existing = @provider.get_volume_by_name(vol_config[:name])
+          if existing
+            @log.info "Volume already exists: %s", vol_config[:name]
+            ensure_attached_and_mounted(existing, vol_config)
+            return
+          end
+
+          # Find server to attach to
+          server = @provider.find_server(vol_config[:server_name])
+          raise VolumeError, "server not found: #{vol_config[:server_name]}" unless server
+
+          # Create volume
+          opts = Providers::VolumeCreateOptions.new(
+            name: vol_config[:name],
+            size: vol_config[:size],
+            server_id: server.id
+          )
+          volume = @provider.create_volume(opts)
+
+          # Attach volume
+          @log.info "Attaching volume to server..."
+          @provider.attach_volume(volume.id, server.id)
+
+          # Mount volume on server (includes device wait)
+          mount_volume(server.public_ipv4, volume, vol_config[:mount_path])
+
+          @log.success "Volume provisioned and mounted: %s", vol_config[:name]
+        end
+
+        def ensure_attached_and_mounted(volume, vol_config)
+          server = @provider.find_server(vol_config[:server_name])
+          return unless server
+
+          # Attach if not attached
+          if volume.server_id.nil? || volume.server_id.empty?
+            @log.info "Attaching existing volume..."
+            @provider.attach_volume(volume.id, server.id)
+            volume = @provider.get_volume(volume.id)
+          end
+
+          # Mount if not mounted
+          mount_volume(server.public_ipv4, volume, vol_config[:mount_path])
+        end
+
+        def mount_volume(server_ip, volume, mount_path)
+          ssh = Remote::SSHExecutor.new(server_ip, @config.ssh_key_path)
+          volume_manager = Remote::VolumeManager.new(ssh)
+
+          # Get device path (refreshed from provider)
+          refreshed = @provider.get_volume(volume.id)
+          device_path = refreshed&.device_path
+
+          return unless device_path && !device_path.empty?
+
+          @log.info "Mounting volume at %s", mount_path
+
+          opts = Remote::MountOptions.new(
+            device_path:,
+            mount_path:,
+            fs_type: "xfs"
+          )
+          volume_manager.mount(opts)
+        end
+    end
+  end
+end

data/lib/nvoi/version.rb

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+
+module Nvoi
+  VERSION = "0.1.5"
+end

data/lib/nvoi.rb

@@ -0,0 +1,79 @@
+# frozen_string_literal: true
+
+require "yaml"
+require "json"
+require "openssl"
+require "securerandom"
+require "fileutils"
+require "tempfile"
+require "open3"
+
+require_relative "nvoi/version"
+require_relative "nvoi/constants"
+require_relative "nvoi/errors"
+require_relative "nvoi/logger"
+
+require_relative "nvoi/config/types"
+require_relative "nvoi/config/naming"
+require_relative "nvoi/config/ssh_keys"
+require_relative "nvoi/config/env_resolver"
+require_relative "nvoi/config/loader"
+require_relative "nvoi/config/config"
+
+require_relative "nvoi/credentials/crypto"
+require_relative "nvoi/credentials/manager"
+require_relative "nvoi/credentials/editor"
+
+require_relative "nvoi/providers/base"
+require_relative "nvoi/providers/hetzner"
+require_relative "nvoi/providers/aws"
+
+require_relative "nvoi/cloudflare/client"
+
+require_relative "nvoi/remote/ssh_executor"
+require_relative "nvoi/remote/docker_manager"
+require_relative "nvoi/remote/volume_manager"
+
+require_relative "nvoi/k8s/templates"
+require_relative "nvoi/k8s/renderer"
+
+require_relative "nvoi/deployer/types"
+require_relative "nvoi/deployer/retry"
+require_relative "nvoi/deployer/tunnel_manager"
+require_relative "nvoi/deployer/infrastructure"
+require_relative "nvoi/deployer/image_builder"
+require_relative "nvoi/deployer/service_deployer"
+require_relative "nvoi/deployer/cleaner"
+require_relative "nvoi/deployer/orchestrator"
+
+require_relative "nvoi/steps/server_provisioner"
+require_relative "nvoi/steps/volume_provisioner"
+require_relative "nvoi/steps/k3s_provisioner"
+require_relative "nvoi/steps/k3s_cluster_setup"
+require_relative "nvoi/steps/tunnel_configurator"
+require_relative "nvoi/steps/database_provisioner"
+require_relative "nvoi/steps/services_provisioner"
+require_relative "nvoi/steps/application_deployer"
+
+require_relative "nvoi/service/provider"
+require_relative "nvoi/service/deploy"
+require_relative "nvoi/service/delete"
+require_relative "nvoi/service/exec"
+
+require_relative "nvoi/cli"
+
+module Nvoi
+  class << self
+    attr_accessor :logger
+
+    def root
+      File.expand_path("..", __dir__)
+    end
+
+    def templates_path
+      File.join(root, "templates")
+    end
+  end
+
+  self.logger = Logger.new
+end

data/templates/app-deployment.yaml.erb

@@ -0,0 +1,102 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: <%= name %>
+  namespace: default
+spec:
+  replicas: <%= replicas %>
+  strategy:
+    type: RollingUpdate
+    rollingUpdate:
+      maxUnavailable: 0
+      maxSurge: 1
+  selector:
+    matchLabels:
+      app: <%= name %>
+  template:
+    metadata:
+      labels:
+        app: <%= name %>
+    spec:
+<% if affinity_server_names && !affinity_server_names.empty? %>
+      affinity:
+        nodeAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+            nodeSelectorTerms:
+            - matchExpressions:
+              - key: nvoi.io/server-name
+                operator: In
+                values:
+<% affinity_server_names.each do |server| %>
+                - <%= server %>
+<% end %>
+<% end %>
+      containers:
+      - name: app
+        image: <%= image %>
+<% if command && !command.empty? %>
+        command:
+<% command.each do |cmd| %>
+        - <%= cmd.inspect %>
+<% end %>
+<% end %>
+<% if port && port > 0 %>
+        ports:
+        - containerPort: <%= port %>
+<% end %>
+        env:
+<% env_keys.each do |key| %>
+        - name: <%= key %>
+          valueFrom:
+            secretKeyRef:
+              name: <%= secret_name %>
+              key: <%= key %>
+<% end %>
+<% if readiness_probe %>
+        readinessProbe:
+          httpGet:
+            path: <%= readiness_probe[:path] %>
+            port: <%= readiness_probe[:port] %>
+          initialDelaySeconds: <%= readiness_probe[:initial_delay] %>
+          periodSeconds: <%= readiness_probe[:period] %>
+          timeoutSeconds: <%= readiness_probe[:timeout] %>
+          failureThreshold: <%= readiness_probe[:failure_threshold] %>
+<% end %>
+<% if liveness_probe %>
+        livenessProbe:
+          httpGet:
+            path: <%= liveness_probe[:path] %>
+            port: <%= liveness_probe[:port] %>
+          initialDelaySeconds: <%= liveness_probe[:initial_delay] %>
+          periodSeconds: <%= liveness_probe[:period] %>
+          timeoutSeconds: <%= liveness_probe[:timeout] %>
+          failureThreshold: <%= liveness_probe[:failure_threshold] %>
+<% end %>
+        resources:
+          requests:
+            memory: <%= resources[:request_memory] %>
+            cpu: <%= resources[:request_cpu] %>
+          limits:
+            memory: <%= resources[:limit_memory] %>
+            cpu: <%= resources[:limit_cpu] %>
+<% if volume_mounts && !volume_mounts.empty? %>
+        volumeMounts:
+<% volume_mounts.each do |vol| %>
+        - name: <%= vol[:name] %>
+          mountPath: <%= vol[:mount_path] %>
+<% end %>
+<% end %>
+<% if (host_path_volumes && !host_path_volumes.empty?) || (volumes && !volumes.empty?) %>
+      volumes:
+<% (host_path_volumes || []).each do |vol| %>
+      - name: <%= vol[:name] %>
+        hostPath:
+          path: <%= vol[:host_path] %>
+          type: DirectoryOrCreate
+<% end %>
+<% (volumes || []).each do |vol| %>
+      - name: <%= vol[:name] %>
+        persistentVolumeClaim:
+          claimName: <%= vol[:claim_name] %>
+<% end %>
+<% end %>

data/templates/app-ingress.yaml.erb

@@ -0,0 +1,20 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: <%= name %>
+  namespace: default
+  annotations:
+    nginx.ingress.kubernetes.io/ssl-redirect: "true"
+spec:
+  ingressClassName: nginx
+  rules:
+  - host: <%= domain %>
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: <%= name %>
+            port:
+              number: <%= port %>

data/templates/app-secret.yaml.erb

@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: <%= name %>
+  namespace: default
+type: Opaque
+stringData:
+<% env_vars.each do |key, value| %>
+  <%= key %>: <%= value.inspect %>
+<% end %>

data/templates/app-service.yaml.erb

@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: <%= name %>
+  namespace: default
+spec:
+  selector:
+    app: <%= name %>
+  ports:
+  - port: <%= port %>
+    targetPort: <%= port %>
+  type: ClusterIP

data/templates/db-statefulset.yaml.erb

@@ -0,0 +1,76 @@
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: <%= service_name %>
+  namespace: default
+spec:
+  serviceName: <%= service_name %>
+  replicas: 1
+  selector:
+    matchLabels:
+      app: <%= service_name %>
+  template:
+    metadata:
+      labels:
+        app: <%= service_name %>
+    spec:
+<% if affinity_server_names && !affinity_server_names.empty? %>
+      affinity:
+        nodeAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+            nodeSelectorTerms:
+            - matchExpressions:
+              - key: nvoi.io/server-name
+                operator: In
+                values:
+<% affinity_server_names.each do |server| %>
+                - <%= server %>
+<% end %>
+<% end %>
+      containers:
+      - name: <%= adapter %>
+        image: <%= image %>
+        env:
+        - name: PGDATA
+          value: /var/lib/postgresql/data/pgdata
+<% secret_keys.each do |key| %>
+        - name: <%= key %>
+          valueFrom:
+            secretKeyRef:
+              name: <%= secret_name %>
+              key: <%= key %>
+<% end %>
+        ports:
+        - containerPort: <%= port %>
+        volumeMounts:
+        - name: data
+          mountPath: <%= data_path %>
+<% if host_path %>
+      volumes:
+      - name: data
+        hostPath:
+          path: <%= host_path %>
+          type: DirectoryOrCreate
+<% else %>
+  volumeClaimTemplates:
+  - metadata:
+      name: data
+    spec:
+      accessModes: ["ReadWriteOnce"]
+      resources:
+        requests:
+          storage: <%= storage_size %>
+<% end %>
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: <%= service_name %>
+  namespace: default
+spec:
+  clusterIP: None
+  selector:
+    app: <%= service_name %>
+  ports:
+  - port: <%= port %>
+    targetPort: <%= port %>

data/templates/service-deployment.yaml.erb

@@ -0,0 +1,91 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: <%= name %>-secret
+  namespace: default
+type: Opaque
+stringData:
+<% env_vars.each do |key, value| %>
+  <%= key %>: <%= value.inspect %>
+<% end %>
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: <%= name %>
+  namespace: default
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: <%= name %>
+  template:
+    metadata:
+      labels:
+        app: <%= name %>
+    spec:
+<% if affinity_server_names && !affinity_server_names.empty? %>
+      affinity:
+        nodeAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+            nodeSelectorTerms:
+            - matchExpressions:
+              - key: nvoi.io/server-name
+                operator: In
+                values:
+<% affinity_server_names.each do |server| %>
+                - <%= server %>
+<% end %>
+<% end %>
+      containers:
+      - name: service
+        image: <%= image %>
+<% if command && !command.empty? %>
+        command:
+<% command.each do |cmd| %>
+        - <%= cmd.inspect %>
+<% end %>
+<% end %>
+<% if port && port > 0 %>
+        ports:
+        - containerPort: <%= port %>
+<% end %>
+        env:
+<% env_keys.each do |key| %>
+        - name: <%= key %>
+          valueFrom:
+            secretKeyRef:
+              name: <%= name %>-secret
+              key: <%= key %>
+<% end %>
+<% if volume_path %>
+        volumeMounts:
+        - name: data
+          mountPath: <%= volume_path %>
+<% end %>
+<% if host_path %>
+      volumes:
+      - name: data
+        hostPath:
+          path: <%= host_path %>
+          type: DirectoryOrCreate
+<% elsif volume_path %>
+      volumes:
+      - name: data
+        emptyDir: {}
+<% end %>
+---
+<% if port && port > 0 %>
+apiVersion: v1
+kind: Service
+metadata:
+  name: <%= name %>
+  namespace: default
+spec:
+  selector:
+    app: <%= name %>
+  ports:
+  - port: <%= port %>
+    targetPort: <%= port %>
+  type: ClusterIP
+<% end %>

data/templates/worker-deployment.yaml.erb

@@ -0,0 +1,50 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: <%= name %>
+  namespace: default
+spec:
+  replicas: <%= replicas %>
+  selector:
+    matchLabels:
+      app: <%= name %>
+  template:
+    metadata:
+      labels:
+        app: <%= name %>
+    spec:
+<% if affinity_server_names && !affinity_server_names.empty? %>
+      affinity:
+        nodeAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+            nodeSelectorTerms:
+            - matchExpressions:
+              - key: nvoi.io/server-name
+                operator: In
+                values:
+<% affinity_server_names.each do |server| %>
+                - <%= server %>
+<% end %>
+<% end %>
+      containers:
+      - name: worker
+        image: <%= image %>
+        command:
+<% command.each do |cmd| %>
+        - <%= cmd.inspect %>
+<% end %>
+        env:
+<% env_keys.each do |key| %>
+        - name: <%= key %>
+          valueFrom:
+            secretKeyRef:
+              name: <%= secret_name %>
+              key: <%= key %>
+<% end %>
+        resources:
+          requests:
+            memory: <%= resources[:request_memory] %>
+            cpu: <%= resources[:request_cpu] %>
+          limits:
+            memory: <%= resources[:limit_memory] %>
+            cpu: <%= resources[:limit_cpu] %>